A flaw was found in the IA32 system call emulation provided on AMD64 and Intel 64 platforms. An improperly validated 64-bit value could be stored in the %RAX register, which could trigger an out-of-bounds system call table access. An untrusted local user could exploit this flaw to run code in the kernel (i.e., a root privilege escalation). (CVE-2007-4573).

Red Hat would like to thank Wojciech Purczynski for reporting this issue.

Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, which contain a backported patch to correct this issue.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/FAQ_58_10188